The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Simple Software Restriction Policy is a security add-on for Windows

Download Windows Speedup Tool to fix errors and make PC run faster

Simple Software Restriction Policy is a free security add-on for Windows computers that makes it harder for Potentially Unwanted Software or Malware to launch itself. You can use this freeware to lock down and harden your Windows security. This article shows everything about this application that you can use on Windows 11 as well as Windows 10.

Simple Software Restriction Policy

Simple Software Restriction Policy is a security add-on for Windows

Simple Software Restriction Policy bears some resemblance to the User Account Elevation feature. It is this feature that helps in preventing malware from acquiring Administrator rights, thereby limiting its scope of causing unprecedented harm. Basically, the tool prevents malware from running.

Unlike UAE which is extremely vulnerable to social engineering or user-duping tactics, Software Restriction Policy is strongly resistant to such events. It does not allow a program to launch if its installation was not preplanned.

It is, therefore, necessary to deactivate Software Restriction Policy before trying to launch the software installer. If not, the tool will throw multiple popups on your computer screen. Also note that for enabling software policy controls instantly, your system requires a restart.

To install Software Restriction Policy, visit the link given at the end of the article and download the program. After downloading it, run the program. When launched, it will offer an option to activate the policy or leave it in a dormant state until you enable it from the settings section. It’s advisable to activate the policy right away. The special characteristic of Software Policy Restriction tool worth mentioning is its low visibility during normal computer use.

The important functions of the utility app reside under the softwarepolicy.ini file. You can launch it in any plain text editor to tweak its behavior. The syntax is quite simple and instructions are specifically given for each entry.

  • CustomPolicies – Allows the software in standard locations such as Program Files to always run.
  • LimitedApps – Programs listed under this are allowed to run only with limited privileges.
  • SoftwarePolicy – Features some important file types such as exe, bat, etc.
  • AdminMenuPasswordLevel – Offers a tray menu of useful functions. You can enable it to password protect application configuration.

The main controls for Software Policy can be accessed via the System Tray. Hovering the mouse over its icon shows the policy status. Clicking once expands a menu of options. The important menu of options you can find under Software restriction policy are:

  1. Lock
  2. Unlock
  3. Configure.

The functions of Lock and Unlock options are self-explanatory. These will either activate or deactivate the policy restrictions, with immediate effect. When unlocked, the tray icon changes to show a red exclamation mark, and flashes. Moving the mouse cursor over it will display the amount of time left until the policy automatically reactivates (locks).

The Configure option opens the configuration file, softwarepolicy.ini in your standard text editor, usually Notepad. If you make changes and save, the policy interface will detect this situation and ask if you want to reload the settings and activate them.

software-restriction-policy-commands

In addition to the above main controls, the tray menu displays the power options. Exiting the tray applet does not deactivate any policy. It only disables the user controls.

shutdown-options

If the applet gets accidentally closed, it may be restarted from the desktop icon, or from the MLSoftwarePolicyTrayApplet startup shortcut in the Start Menu.

The Software Policy applet does not use the group policy approach for setting its controls. Instead, they are embedded directly in the registry. Performing operations in this manner imply an either/or situation where software policies may only be set by this applet, or by the group policy editor. Using both to set software policies would cause a conflict of interests.

The registry section where these policies reside and can be easily located is

HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer

On 64-bit Windows, you will find a second copy under:

HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\Safer

Both these need to be set in order so that the 32-bit and 64-bit software is properly controlled.

It is available at Sourceforge.com. Do read the detailed documentation there. It works on Windows 11 and Windows 10.

Related: The System Administrator has set policies to prevent this installation

What is the purpose of a Software Restriction Policy?

The main purpose of the Simple Software Restriction Policy is to harden your computer security. That said, you can manage your administrator rights or the UAC or User Account Control. For your information, this security policy makes sure which application you want to run with what permission.

What are the types of software restriction policy?

There are mainly two types of software restriction policy. The first one is the path rule. It lets you choose which app you want to block by the file path. It is handy when you want to block a specific app. The second one is the hash rule, which lets you block app execution as per the hash of the executable file.

A word of caution – Configuring any incorrect settings may hamper the normal functioning of the system., so use it with care.

HemantS@TWC

A post-graduate in Biotechnology, Hemant switched gears to writing about Microsoft technologies and has been a contributor to TheWindowsClub since then. When he is not working, you can usually find him out traveling to different places or indulging himself in binge-watching.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *